Patch "smb: client: fix potential OOB in cifs_dump_detail()" has been added to the 6.6-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 28 Dec 2023 12:13:33 +0000

This is a note to let you know that I've just added the patch titled

    smb: client: fix potential OOB in cifs_dump_detail()

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     smb-client-fix-potential-oob-in-cifs_dump_detail.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From b50492b05fd02887b46aef079592207fb5c97a4c Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@xxxxxxxxxxxxx>
Date: Sat, 16 Dec 2023 01:10:04 -0300
Subject: smb: client: fix potential OOB in cifs_dump_detail()

From: Paulo Alcantara <pc@xxxxxxxxxxxxx>

commit b50492b05fd02887b46aef079592207fb5c97a4c upstream.

Validate SMB message with ->check_message() before calling
->calc_smb_size().

Signed-off-by: Paulo Alcantara (SUSE) <pc@xxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/smb/client/cifs_debug.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

--- a/fs/smb/client/cifs_debug.c
+++ b/fs/smb/client/cifs_debug.c
@@ -40,11 +40,13 @@ void cifs_dump_detail(void *buf, struct
 #ifdef CONFIG_CIFS_DEBUG2
 	struct smb_hdr *smb = buf;
 
-	cifs_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d\n",
-		 smb->Command, smb->Status.CifsError,
-		 smb->Flags, smb->Flags2, smb->Mid, smb->Pid);
-	cifs_dbg(VFS, "smb buf %p len %u\n", smb,
-		 server->ops->calc_smb_size(smb));
+	cifs_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d Wct: %d\n",
+		 smb->Command, smb->Status.CifsError, smb->Flags,
+		 smb->Flags2, smb->Mid, smb->Pid, smb->WordCount);
+	if (!server->ops->check_message(buf, server->total_read, server)) {
+		cifs_dbg(VFS, "smb buf %p len %u\n", smb,
+			 server->ops->calc_smb_size(smb));
+	}
 #endif /* CONFIG_CIFS_DEBUG2 */
 }
 


Patches currently in stable-queue which might be from pc@xxxxxxxxxxxxx are

queue-6.6/smb-client-fix-oob-in-cifsd-when-receiving-compounded-resps.patch
queue-6.6/smb-client-fix-oob-in-smb2_query_info_init.patch
queue-6.6/smb-client-fix-potential-oob-in-cifs_dump_detail.patch
queue-6.6/smb-client-fix-oob-in-smbcalcsize.patch







